个人中心
gpt4 book ai didi

asp.net-mvc - Azure ActiveDirectory Graph API GraphClient 不返回 AD 组

转载 作者:行者123 更新时间:2023-12-02 03:27:51 25 4
gpt4 key购买 nike

我想从 Azure AD 检索用户组信息。

使用以下图形 API 包来实现此目的

  • Microsoft.Azure.ActiveDirectory.GraphClient
  • Microsoft.IdentityModel.Clients.ActiveDirectory 2.13.112191810

我能够从 Azure Graph API 成功检索用户信息。

但是当我运行此方法来检索用户组时,Fiddler 显示成功的 HTTP 200 响应,其中包含包含组信息的 JSON 片段,但该方法本身不会随 IEnumerable 返回。 

IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();

代码似乎没有从此异步请求返回。

最终的体验是空白页面,而身份验证管道被卡住。

完整代码

public override ClaimsPrincipal Authenticate(string resourceName, ClaimsPrincipal incomingPrincipal)
    {
        if (!incomingPrincipal.Identity.IsAuthenticated == true &&
            _authorizationService.IdentityRegistered(incomingPrincipal.Identity.Name))
        {
            return base.Authenticate(resourceName, incomingPrincipal);
        }

        _authorizationService.AddClaimsToIdentity(((ClaimsIdentity) incomingPrincipal.Identity));

        Claim tenantClaim = incomingPrincipal.FindFirst(TenantIdClaim);

        if (tenantClaim == null)
        {
            throw new NotSupportedException("Tenant claim not available, role authentication is not supported");
        }

        string tenantId = tenantClaim.Value;
        string authority = String.Format(CultureInfo.InvariantCulture, _aadInstance, _tenant);
        Uri servicePointUri = new Uri("https://graph.windows.net");
        ClientCredential clientCredential = new ClientCredential(_clientId, _password);

        AuthenticationContext authContext = new AuthenticationContext(authority, true);
        AuthenticationResult result = authContext.AcquireToken(servicePointUri.ToString(), clientCredential);
        Token = result.AccessToken;

        ActiveDirectoryClient activeDirectoryClient =
            new ActiveDirectoryClient(new Uri(servicePointUri, tenantId),
                async () => await AcquireTokenAsync());

       IUser user = activeDirectoryClient
           .Users
           .Where(x => x.UserPrincipalName.Equals(incomingPrincipal.Identity.Name))
           .ExecuteAsync()
           .Result
           .CurrentPage
           .ToList()
           .FirstOrDefault();

        if (user == null)
        {
            throw new NotSupportedException("Unknown User.");
        }          

       IEnumerable<string> groups = user.GetMemberGroupsAsync(false).Result.ToList();


        return incomingPrincipal;
    }

最佳答案

我也有同样的问题。我的代码在根据文档进行更改后可以正常工作 https://github.com/AzureADSamples/ConsoleApp-GraphAPI-DotNet 

        IUserFetcher retrievedUserFetcher = (User) user;
        IPagedCollection<IDirectoryObject> pagedCollection = retrievedUserFetcher.MemberOf.ExecuteAsync().Result;
        do {
            List<IDirectoryObject> directoryObjects = pagedCollection.CurrentPage.ToList();
            foreach (IDirectoryObject directoryObject in directoryObjects) {
                if (directoryObject is Group) {
                    Group group = directoryObject as Group;
                    ((ClaimsIdentity)incomingPrincipal.Identity).AddClaim(
                        new Claim(ClaimTypes.Role, group.DisplayName, ClaimValueTypes.String, "GRAPH"));
                }
            }
            pagedCollection = pagedCollection.GetNextPageAsync().Result;
        } while (pagedCollection != null && pagedCollection.MorePagesAvailable);

关于asp.net-mvc - Azure ActiveDirectory Graph API GraphClient 不返回 AD 组,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/27670394/

25 4 0
文章推荐: Perl:Math64::Int64 应该在 "Safe"隔间内工作吗?
文章推荐: revit-api - 是否有云 API 可以从 Revit 模型中提取数据?
文章推荐: symfony2 无法找到 Twig 模板
文章推荐: php - CodeIgniter 基本 Controller 扩展
行者123
个人简介

我是一名优秀的程序员,十分优秀!

滴滴打车优惠券免费领取
滴滴打车优惠券
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com